一、概述

什么是容器
容器技术已经成为应用程序封装和交付的核心技术
容器技术的核心有以下几个内核技术组成:
--Cgroups(Control Groups) 资源管理
--NameSpace 进程隔离
--SElinux 安全

由于在物理机上实施隔离,启动一个容器,可以像启动一个进程一样快速

什么是Docker
Docker是完整的一套容器管理系统
Docker提供了一组命令,让用户更加方便直接地使用容器技术,而不需要过多关心底层内核技术

Docker优点
相比于传统的虚拟化技术,容器更加简洁高效
传统虚拟机需要给每个VM安装操作系统
容器使用的共享公共库和程序

Docker缺点
容器的隔离性没有虚拟化强
共用Linux内核,安全性有先天缺陷
SElinux难以驾驭
监控容器和容器排错是挑战

二、Docker的安装

安装前准备
操作系统 Linux CentOS 7.5
关闭防火墙(不是必须,避免引发一些防火墙导致的问题)

系统版本

[root@docker01 ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core)

Docker的安装可以通过配置yum源或下载安装包安装以下通过yum源方式安装

1.配置yum源 安装docker
打开官网找到适配系统的yum源 按提示安装即可,yum源站点在国外如果因为网络原因安装失败,换成下载安装包安装
官网:https://docs.docker.com/engin...

$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo  https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install docker-ce docker-ce-cli containerd.io
[root@docker01 ~]# systemctl restart docker        //开启docker服务
[root@docker01 ~]# systemctl status  docker        //查看docker服务状态
[root@docker01 ~]# systemctl enable docker         //开启docker服务开机启动
[root@docker01 ~]# ifconfig                        //有docker0说明环境部署完成
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:d5:18:74:94  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

三、Docker的的常用命令

Docker镜像常用命令**

docker images 查看镜像列表
docker history 查看镜像制作历史
docker inspect 查看镜像底层信息
docker pull 下载镜像
docker push 上传镜像
docker rmi 删除本地镜像
docker save 镜像另存为tar包
docker load 使用tar包导入镜像
docker search 搜索镜像
docker tag 修改镜像名称和标签

Docker容器常用命令有哪些

docker run 运行容器
docker ps 查看容器列表
docker stop 关闭容器
docker start 启动容器
docker restart 重启容器
docker attach|exec 进入容器
docker inspect 查看容器底层信息
docker top 查看容器进程列表
docker rm 删除容器

3.1 镜像常用指令练习

默认的镜像仓库为官方镜像仓库,上传下载都会受到网络速度的限制,为了方便管理镜像,后期我们需要在本地搭建镜像仓库

1)搜索镜像

[root@docker01 ~]# docker search nginx               //搜索镜像 带OK 的是官方镜像 更安全
NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
nginx                              Official build of Nginx.                        13768               [OK]                
jwilder/nginx-proxy                Automated Nginx reverse proxy for docker con…   1879                                    [OK]
richarvey/nginx-php-fpm            Container running Nginx + PHP-FPM capable of…   787                                     [OK]
linuxserver/nginx                  An Nginx container, brought to you by LinuxS…   128                                     
......

[root@docker01 ~]# docker search centos
NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
centos                             The official build of CentOS.                   6202                [OK]                
ansible/centos7-ansible            Ansible on Centos7                              132                                     [OK]
consol/centos-xfce-vnc             Centos container with "headless" VNC session…   121                                     [OK]
......

2)下载镜像

[root@docker01 ~]# docker pull nginx   
Using default tag: latest
latest: Pulling from library/nginx
d121f8d1c412: Pull complete 
ebd81fc8c071: Pull complete 
655316c160af: Pull complete 
d15953c0e0f8: Pull complete 
2ee525c5c3cc: Pull complete 
Digest: sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest

3)上传镜像 远程镜像仓库因为没有配置认证 上传被拒绝

[root@docker01 ~]# docker push docker.io/nginx
The push refers to repository [docker.io/library/nginx]
908cf8238301: Layer already exists 
eabfa4cd2d12: Layer already exists 
......
errors:
denied: requested access to the resource is denied
unauthorized: authentication required

4)查看镜像列表

[root@docker01 ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              7e4d58f0e5f3        2 weeks ago         133MB
busybox             latest              6858809bf669        2 weeks ago         1.23MB
centos              latest              0d120b6ccaa8        6 weeks ago         215MB

5)导出镜像

[root@docker01 ~]# docker save docker.io/nginx:latest -o nginx.tar
[root@docker01 ~]# ls
busybox.tar  Desktop  nginx.tar

6)删除镜像

[root@docker01 ~]# docker rmi docker.io/nginx
Untagged: nginx:latest
Untagged: nginx@sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0
Deleted: sha256:7e4d58f0e5f3b60077e9a5d96b4be1b974b5a484f54f9393000a99f3b6816e3d
Deleted: sha256:eedfd37abc0b05520a719addf6675b372687fe9a2ed1746fa988335720d4376c
Deleted: sha256:4f052ddd517f6dc5b74d2f7d881838b8ec6a5e67ec7a1da8bbbe91e1e068ad3a
Deleted: sha256:5f78154d356577280e4ac0d9bf0d021d488828e57f953b011dcbadaecd539ce4
Deleted: sha256:db5783668220e16186080f3e9d69ad748aab8c72abb8e457f6fc45369461634b
Deleted: sha256:07cab433985205f29909739f511777a810f4a9aff486355b71308bb654cdc868

7)导入镜像

[root@docker01 ~]# docker load -i nginx.tar 
07cab4339852: Loading layer  72.49MB/72.49MB
f431d0917d41: Loading layer  64.31MB/64.31MB
60c688e8765e: Loading layer  3.072kB/3.072kB
eabfa4cd2d12: Loading layer  4.096kB/4.096kB
908cf8238301: Loading layer  3.584kB/3.584kB
Loaded image: nginx:latest

批量导入镜像

[root@docker01 ~]# for  i in *.tar; do docker load -i $i; done; 
be8b8b42328a: Loading layer   1.45MB/1.45MB
Loaded image: busybox:latest
Loaded image: nginx:latest
[root@docker01 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              7e4d58f0e5f3        12 days ago         133MB
busybox             latest              6858809bf669        2 weeks ago         1.23MBM

8)查看centos镜像历史(制作过程)

[root@docker01 ~]# docker history docker.io/centos
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
0d120b6ccaa8        6 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B                  
<missing>           6 weeks ago         /bin/sh -c #(nop)  LABEL org.label-schema.sc…   0B                  
<missing>           6 weeks ago         /bin/sh -c #(nop) ADD file:538afc0c5c964ce0d…   215MB               

9)启动nginx的镜像

[root@docker01 ~]# docker run -d docker.io/nginx

10)删除镜像,启动容器时删除镜像会失败,先删除容器,再删除镜像
格式:docker rmi 镜像名

[root@docker01 ~]# docker rmi nginx             //删除镜像 报错:
Error response from daemon: conflict: unable to remove repository reference "nginx" (must force) - container 47e0f88ff31ee is using its referenced image 7e4d58f0e5f3

[root@docker01 ~]# docker stop 47e     //停止容器
47e

[root@docker01 ~]# docker rm  47e      //再删除容器
47e

[root@docker01 ~]# docker rmi  docker.io/nginx   //在删除容器成功

[root@docker01 ~]# docker run -d docker.io/nginx   //镜像删除后 运行容器docker重新下载镜像 
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
d121f8d1c412: Pulling fs layer 
ebd81fc8c071: Pulling fs layer 
655316c160af: Download complete 
d15953c0e0f8: Waiting 
2ee525c5c3cc: Waiting 

11)修改镜像的名称和标签,默认标签为 v2

[root@docker01 ~]# docker tag docker.io/centos:latest docker.io/centos:v2
[root@docker01 ~]# docker images 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              6858809bf669        2 weeks ago         1.23MB
centos              latest              0d120b6ccaa8        6 weeks ago         215MB
centos              v2                  0d120b6ccaa8        6 weeks ago         215MB

12)查看镜像的底层信息

[root@docker01 ~]# docker inspect docker.io/centos
[
    {
        "Id": "sha256:0d120b6ccaa8c5e149176798b3501d4dd1885f961922497cd0abef155c869566",
        "RepoTags": [
            "centos:latest",
            "centos:v2"
        ],
......

3.2 容器常用指令练习

1)查看容器列表

[root@docker01 ~]# docker ps                   //查看后面运行容器
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
47edcb784521        nginx               "/docker-entrypoint.…"   55 seconds ago      Up 54 seconds       80/tcp              funny_faraday

[root@docker01 ~]# docker ps  -q             //查看后面运行容器只显示ID
47edcb784521
d1129361c6b1

[root@docker01 ~]# docker ps -a             //查看所有容器包括没有启动的
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS                      PORTS               NAMES
47edcb784521        nginx               "/docker-entrypoint.…"   About a minute ago   Up About a minute           80/tcp              funny_faraday
d1129361c6b1        centos              "/bin/bash"              57 minutes ago       Up 4 minutes                                    blissful_poitras
45065a8f9abe        centos              "/bin/bash"              23 hours ago         Exited (130) 23 hours ago                       relaxed_heisenberg

[root@docker01 ~]# docker ps -qa           //只显示所有容器ID
47edcb784521
d1129361c6b1
45065a8f9abe

2)启动centos镜像生成一个容器
docker run -it 是交互 -itd是放入后台运行  像类似nginx的服务启动后没有输入  后面加 /bin/bash 交互的命令可不用加默认 latest  /bin/bash会自动补齐

[root@docker01 ~]# docker run -it docker.io/centos /bin/bash 
[root@d1129361c6b1 /]# yum repolist               //看查默认的yum源  注意命令行前面变成了[root@d1129361c6b1 /] 说明已经在容器里了
Failed to set locale, defaulting to C.UTF-8
repo id                                      repo name
AppStream                                    CentOS-8 - AppStream
BaseOS                                       CentOS-8 - Base
extras                                       CentOS-8 - Extras

[root@d1129361c6b1 /]# yum -y install net-tools    //安装软件

[root@d1129361c6b1 /]# exit        //退出
exit

3)连接容器 并保持后台运行 attach|exec

[root@docker01 ~]# docker ps    //查看后台运行的容器 发现容器也跟着退出了
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

方式1 attach 按ctrl+p+q退出

[root@docker01 ~]# docker start d1  //开启容器
d1

[root@docker01 ~]# docker attach d1      // attach进入进程,退出会关闭  按ctrl+p+q退出 可以保留程序
[root@d1129361c6b1 /]# read escape sequence 

[root@docker01 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d1129361c6b1        centos              "/bin/bash"         About an hour ago   Up 48 seconds                           blissful_poitras

方式2 exec
其中,-t 选项让Docker分配一个伪终端(pseudo-tty)并绑定到容器的标准输入上
-i 则让容器的标准输入保持打开
在交互模式下,用户可以通过所创建的终端来输入命令

[root@docker01 ~]# docker exec -it d1 /bin/bash
[root@d1129361c6b1 /]# exit
exit

[root@docker01 ~]# docker  ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d1129361c6b1        centos              "/bin/bash"         About an hour ago   Up 10 seconds                           blissful_poitras

4)查看容器进程列表

[root@docker01 ~]# docker top d1 
UID                 PID                 PPID                C                   STIME               TTY                 TIME                CMD
root                21336               21318               0                   16:36               pts/0               00:00:00            /bin/bash

5)修改nginx的显示内容

[root@docker01 ~]# docker exec -it 47 /bin/bash
[root@47edcb784521:/# nginx -T /usr/share/nginx/html/
nginx: invalid option: "/usr/share/nginx/html/"   //查找并显示结果

[root@47edcb784521:/# echo aaa >/usr/share/nginx/html/index.html   //修改主页显示的内容
[root@47edcb784521:/# cat /usr/share/nginx/html/index.html 
aaa

5)过滤查看mac和ip地址

[root@docker01 ~]#  docker inspect -f '{{.NetworkSettings.MacAddress}}' 47
02:42:ac:11:00:03
[root@docker01 ~]#  docker inspect -f '{{.NetworkSettings.IPAddress}}' 47
172.17.0.3
[root@docker01 ~]# curl 172.17.0.3
aaa

Bigyong
28 声望13 粉丝